[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Hadmut Danisch <hadmut_at_danisch.de>
Date: Thu, 20 Mar 2008 22:36:20 +0100

Hi,

Ryan Schmidt wrote:
>
> The Subversion client needs to provide the plain text password to the
> Apache server during authentication. Suggest a way for this to be
> accomplished without storing the plain text password on the client's
> disk.
In the high security area where I am currently maintaining a protected
SVN respository, the users are required to reenter the password any time.

Even beyond that requirement, there's another problem:

Some files need to be checked out from SVN with root permissions, but
with user/password of the person who is root at that very moment. While
several people share access to the root accounts, nobody should be able
to check in changes under the name of a different person (or be able to
read the password from the file system).

If someone really wants to store the password in a local file either for
good reasons or for not taking care, let him do. But under any
circumstances avoid storing the password accidently.

>
> Encrypting the password on the client's disk is not a solution unless
> the Subversion client can also decrypt the password again so it can be
> provided to Apache in plain text. And if the Subversion client, whose
> source is public, can do this, then any other software can do this too
> so it is no more secure than storing the plain text password on disk.
Mostly correct. But this does not imply that you have to store the
password if the user does not want this.

(There are better ways to store it locally, e.g. protect it with a
master password, like firefox, ssh-agent or the gnome/kde wallets do.

A more complicated method for the future might be to use plugins, which
can access the gnome/kde wallets.)

regards
Hadmut

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 22:36:41 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.